Formal methods engineering
A short overview
Basics




The course was given by Hussein Zedan (Leicester, UK) …
… over one week = 30 hours
Problem classes and assessment were done by Dragan Mašulović (our own associate professor)
Problem classes in two sessions = 15 hours
Agenda




Part I - Rationale: Why do we model?
Part II - Finite state machines (“as
the assembly language of modeling”)
Part III – Statecharts
Part IV - Time in statecharts
Students’ background


Should know a lot about FSMs
Use them in:
• compiler construction
• OOA/D – dynamic view

But had no idea that FSMs are the ‘assembly language of modeling’ and that they may have wider application areas
Problem classes
Coursework 1
You are given the following vending machine specification: The machine has one slot (for inserting coins) and two buttons for selecting the type of coffee.
• The vending machine dispenses only two sizes of coffee: ‘big’, which costs 50p, and ‘small’, which costs 25p.
• The machine may cheat, as it does not return change (nonetheless it gives coffee!).
• Once a coin is inserted, the customer cannot get it back.
• After inserting the coins, the customer presses the coffee of choice. If the right amount of money was inserted, the coffee will be dispensed; otherwise, the machine waits. Once the coffee is dispensed, all inserted coins are dropped in a money box and the machine waits for the next customer.
• The machine can accept ‘5p’, ‘10p’ and ‘20p’ only.
• The existing machine only dispenses black coffee, and a customer is provided with milk cartons and/or portions of sugar, both free of charge. However, the company decided to automate these processes (milk and sugar) by designing a milk and a sugar machine! Both machines have only one button each; if it is pressed, a carton of milk and/or a portion of sugar will be dispensed, respectively.
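An added example, not part of the original course material: the coffee machine above written as a finite state machine whose state is the inserted credit, with an exhaustive reachability search that checks the safety properties stated in the specification. The function names and the rule that the slot refuses coins once 50p is reached are assumptions made here to keep the state space finite; the milk and sugar machines are left out.

```python
from collections import deque

COINS = (5, 10, 20)                # accepted coins in pence (from the specification)
PRICE = {"small": 25, "big": 50}   # selection button -> price (from the specification)
CAP = max(PRICE.values())          # ASSUMPTION: the slot refuses coins once credit >= 50p

def step(credit, event):
    """Transition function: returns (next_credit, output) for one input event."""
    if event in COINS:
        if credit >= CAP:
            return credit, "refused"       # assumed behaviour; keeps the model finite
        return credit + event, None        # coin kept, there is no refund event at all
    if event in PRICE:
        if credit >= PRICE[event]:
            return 0, event                # dispense; all coins drop into the money box
        return credit, None                # too little money: the machine waits
    raise ValueError(f"unknown event: {event!r}")

def explore(start=0):
    """Breadth-first search over every state reachable from an idle machine."""
    seen, todo, transitions = {start}, deque([start]), []
    while todo:
        state = todo.popleft()
        for event in COINS + tuple(PRICE):
            nxt, out = step(state, event)
            transitions.append((state, event, nxt, out))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen, transitions

def violations(transitions):
    """Transitions that break a safety property read off the specification."""
    bad = []
    for state, event, nxt, out in transitions:
        if out in PRICE and (state < PRICE[out] or nxt != 0):
            bad.append((state, event, "coffee without payment or credit not cleared"))
        if event in COINS and nxt < state:
            bad.append((state, event, "coin handed back"))
    return bad

def max_overpayment(transitions):
    """Largest amount kept without change: how far the machine can 'cheat'."""
    return max(s - PRICE[out] for s, _, _, out in transitions if out in PRICE)

if __name__ == "__main__":
    states, transitions = explore()
    print(sorted(states), violations(transitions), max_overpayment(transitions))
```

Under the stated assumption the search visits 14 credit states (0p to 65p in 5p steps), and the overpayment figure puts a number on the "machine may cheat" clause.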

Coursework 2 - 1

Give a Statechart for the following informal specification. The objective is to specify a fault-tolerant solution for a computation service P that can be characterised as follows:
• P inputs data provided by a producer on channel A.
• For each input x on A, a computation y = f(x) is performed by P and delivered via channel B to a consumer.
• We assume a synchronous communication between
server and environment: The producer will only send a
new job after having received a NEXT-message from the
server computer indicating that P has finished the
previous computation.
Coursework 2 - 2


Give a Statechart for a Traffic-light Controller, the informal description of which is as follows:
There are two sets of lights: one is positioned over the main road (MAIN) entering the cross-junction, and the other is over the secondary road (SEC). During the daytime the controller operates according to one of two possible programs (option externally determined):
• Program A gives two minutes for the vehicles on MAIN, and half a minute for the vehicles on SEC, alternating.
• Program B gives half a minute for the vehicles in SEC once a signal “SEC FULL” goes on (the “SEC FULL” signal coming from an external sensor).
Tools

JFlap
• http://www.jflap.org/

Statemate
Feedback